Statistical anomaly detection methods of data communication

Abstract

This thesis serves as a theoretical basis for a practical solution to the issue of the use of statistical methods for detecting anomalies in data traffic. The basic focus of anomaly detection data traffic is on the data attacks. Therefore, the main focus is the analysis of data attacks. Within the solving are data attacks sorted by protocols that attackers exploit for their own activities. Each section describes the protocol itself, its usage and behavior. For each protocol is gradually solved description of the attacks, including the methodology leading to the attack and penalties on an already compromised system or station. For the most serious attacks are outlined procedures for the detection and the potential defenses against them. These findings are summarized in the theoretical analysis, which should serve as a starting point for the practical part, which will be the analysis of real data traffic. The practical part is divided into several sections. The first of these describes the procedures for obtaining and preparing the samples to allow them to carry out further analysis. Further described herein are created scripts that are used for obtaining needed data from the recorded samples. These data are were analyzed in detail, using statistical methods such as time series and descriptive statistics. Subsequently acquired properties and monitored behavior is verified using artificial and real attacks, which is the original clean operation modified. Using a new analysis of the modified traffics compared with the original samples and an evaluation of whether it has been some kind of anomaly detected. The results and tracking are collectively summarized and evaluated in a separate chapter with a description of possible further attacks, which were not directly part of the test analysis